Social engineering
Stryker Cyberattack Highlights Criminal Focus on Enterprise Systems
PYMNTS.com· 2026-03-23 21:59
Cyberattackers, increasingly state-linked criminal groups, are not merely extracting information. They are orchestrating multifaceted campaigns designed to disrupt operations, extract leverage, and erode competitive advantage.
Publicly Traded Blockchain Lender Figure Confirms Customer Data Breach
Yahoo Finance· 2026-02-14 00:04
Core Insights
- Figure Technology confirmed a customer data breach due to a social engineering attack targeting an employee, with the hacking group ShinyHunters claiming responsibility and publishing 2.5 gigabytes of stolen data [1][2]
Company Overview
- Founded in 2018, Figure is a New York-based lender that operates its loan platform on the Provenance blockchain, focusing on home equity lines of credit [4]
- The company went public in September 2025, raising $787.5 million in an IPO that valued it at approximately $5.3 billion [4]
Incident Details
- The breach involved an employee being manipulated into downloading files, which included sensitive customer information such as full names, home addresses, dates of birth, and phone numbers [1][2]
- Figure stated that it acted quickly to block the activity and engaged a forensic firm to investigate the affected files [2]
Industry Context
- A report by Chainalysis indicated that over $17 billion in cryptocurrency was stolen in 2025 through AI-powered impersonation scams, highlighting the growing threat of such attacks [3]
- Data breaches were prevalent in 2025, with over 8,000 notification filings related to more than 4,000 incidents affecting at least 374 million individuals [3]
Response and Future Actions
- Figure is communicating with partners and impacted parties while implementing additional safeguards, including offering complimentary credit monitoring to affected individuals [5]
- The company announced a proposed secondary public offering of up to 4,230,000 shares of its Series A Blockchain Common Stock and plans to repurchase up to $30 million of Class A shares from underwriters [5]
Stock Performance
- Following the breach announcement, Figure's stock rose by 3.57% to a price of $35.29, although it has experienced a 37% decline over the past month [6]
X @Binance
Binance· 2026-02-11 03:00
Don’t let hackers hack your habits.
Social engineering exploits fear, greed, and curiosity
Read more 👇 https://t.co/UgYSe4d2J0 ...
Trust as a target: The parallels between application and romance fraud
Yahoo Finance· 2026-02-10 13:41
Romance scams aren’t only heartbreaking. They are big business for criminals. Every year in the UK, there are more than 9,400 reports of romance fraud. This equates to a loss of more than £106m or around £11,200 per victim on average. The reports of romance fraud continue to rise at a time when identity fraud as a whole is surging. The common thread tying them together? Trust is exploited and identities are misused. Romance scams are often seen as personal crimes rather than financial ones. However, behi ...
Cyber insurance prices set to hold steady through mid-2026
Yahoo Finance· 2026-01-27 08:59
Market Overview
- The global cyber insurance market is projected to reach up to $50 billion by 2030, increasing from an estimated $16 billion to $20 billion in 2025 [3]
- The market experienced significant growth from 2020 to 2022, with a peak year-over-year growth of nearly 61% in 2021 [3]
Recent Trends
- Following a period of rapid premium increases due to a complex cyber threat landscape, growth slowed to 1.62% in 2023 and contracted by 7.11% in 2024 [4]
- The market remains mostly buyer-friendly, but risks from ransomware and supply chain issues persist, with artificial intelligence expected to exacerbate threats [4]
Future Outlook
- Insurers are anticipated to refine policy language and address AI-related exposures while focusing on risk management strategies to mitigate impacts from deepfake technology and social engineering [5]
- Cyber insurance prices are expected to remain flat through at least the first half of 2026, following a stabilization after three years of market softening [7]
- The healthcare sector is experiencing slightly higher cyber insurance prices due to a less competitive claims environment [7]
Under attack: How AP leaders can stop phony bank account change requests
Yahoo Finance· 2025-12-10 12:54
Core Insights
- The article highlights the increasing threat of payment fraud, particularly through phony bank account change requests, which have seen a 43% increase in attacks over two years, with individual losses often reaching six or seven figures [1][8].
Group 1: Types of Fraud
- Phony bank account change requests involve fraudsters posing as legitimate suppliers to reroute payments to criminal accounts, exploiting the lack of independent verification [1][9].
- AI-generated fraud techniques, such as deep-fake voice calls and synthetic invoices, complicate detection efforts, leveraging the natural trust in familiar voices and document formats [2].
- Duplicate and altered invoices are resubmitted by fraudsters with minor changes, relying on overworked staff to overlook discrepancies [3].
Group 2: Vulnerabilities in Accounts Payable (AP)
- The AP landscape is dominated by schemes that exploit weaknesses in manual processes and human oversight, leading to a daily struggle between efficiency and vigilance [4][8].
- Limited staff training contributes to the problem, with fewer than one in three finance employees receiving regular anti-fraud education [4].
- Weak or inconsistent controls, such as reliance on manual verification and decentralized onboarding, increase vulnerability to fraud [5].
Group 3: Impact of Payment Fraud
- The FBI reported over $3 billion in business email compromise (BEC) losses in 2024, marking a nearly 20% increase from the previous year, indicating a growing risk of payment fraud [6].
- The average loss per incident of payment fraud is estimated at $125,000, with recovery rates below 20% [10].
- The ripple effects of fraud incidents include reputational damage, operational disruption, regulatory exposure, and negative impacts on employee morale [23].
Group 4: Best Practices for Prevention
- Standardizing the bank change process and independently verifying bank account ownership are critical steps to mitigate fraud risks [22].
- Implementing a formal, documented workflow for supplier bank account change requests and using secure online portals instead of email can enhance security [24].
- Automation of the verification process can significantly reduce fraud attempts by over 60%, creating a permanent audit trail that enhances accountability [28][30].
Group 5: Challenges in Verification
- Traditional supplier onboarding processes are often inadequate, with only about 40% of global banking systems providing real-time verification, complicating the verification of bank accounts [14].
- Manual processes introduce errors and delays, making it difficult to detect fraudulent activities [15][17].
- High transaction volumes overwhelm staff, leading to missed verification steps and increased susceptibility to fraud [20].
Group 6: Conclusion
- Phony bank account change requests represent a preventable yet costly type of payment fraud, necessitating a shift from manual controls to standardized, automated processes to keep pace with evolving threats [30][32].
Meet your scammers; This is how they get you. | Erica Stanford | TEDxSt Albans
TEDx Talks· 2025-10-30 16:11
[Music] In 2020, a publisher reached out and asked me to write a book about crypto scams. I was flattered and thought, "How hard can this be?" So, turns out it's hard and takes a lot of research. But I'd been working in the industry for years by this point. My job is to advise on risks and scams. I'd read the scammers textbooks. I know scams. So, I figured at least I wouldn't fall for one. So, guess who did. And 4.2% 2 million people did in England and Wales last year. There's always been scams, but scams and ...
Part 2: Social engineering, malware, and the future of cybersecurity in AI
Google DeepMind· 2025-10-16 16:08
Cybersecurity Threats & Actors
- Nation-state actors are primarily motivated by geopolitical aims and espionage, often engaging in offensive cyberattacks to support warfare or prepositioning for potential conflicts [5][6]
- Subnation-state actors and some nation-state activities are financially motivated, commonly using ransomware attacks to steal and encrypt data, demanding cryptocurrency for its release [9][10]
- A gray market exists for zero-day vulnerabilities, with buyers including companies equipping law enforcement and governments, with some vulnerabilities worth millions of dollars [12][14]
- AI is exacerbating social engineering risks by enabling deepfakes, making phishing attacks more tailored and effective, such as cloning voices for ransom demands or impersonating executives for financial fraud [30][32][33]
Vulnerability Disclosure & Mitigation
- Project Zero introduced a 90-day disclosure timeline for vulnerabilities, compelling companies to prioritize security patches to prevent exploitation by malicious actors [19][20]
- Governments have been known to deliberately withhold vulnerability information for exploitation purposes, as exemplified by the EternalBlue case [24]
- Healthcare and critical infrastructure sectors often struggle with patch management due to the risk of disrupting essential services, leading to long-term vulnerabilities [29]
- Multi-factor authentication and passkeys are emerging as strong defenses against phishing and password-related attacks, enhancing security and user experience [37][39][40]
AI & Agent Security
- Risk-based authentication, enhanced by AI, assesses user behavior to determine trust levels and adjust security friction accordingly, such as requiring multi-factor authentication based on anomalous activity [43][46]
- The rise of AI agents acting on behalf of humans introduces new security challenges, requiring careful consideration of agent identity, permissions, and potential for misuse [50][51]
- Contextual integrity is crucial for training AI agents to respect privacy norms and avoid disclosing sensitive data inappropriately, necessitating mechanisms for agents to seek permission before sharing information [57][58][59]
Are Your Assets Safe? New Threats Revealed by Crystal Intelligence!
Cointelegraph· 2025-09-05 17:41
Crypto Scam Evolution & Impact
- Crypto scams are evolving rapidly, with hundreds of millions of dollars in value stolen from users in the last 2-3 years [3]
- Generative AI has significantly reduced the cost of persuasion, making scams easier to execute [4]
- Industrial supply chains, such as pig butchering compounds, have turned fraud into shift work, amplifying the scale of scams [5]
- Friction-free rails like mixers and cross-chain bridges facilitate money laundering, complicating law enforcement efforts [6]
- Consumer fraud in the US exceeded $12 billion last year, highlighting the increasing scale of the problem [6]
Countermeasures & Solutions
- Education is the best defense against evolving scams, emphasizing the need for users to stay informed [1]
- Crystal Intelligence focuses on adding the "why" and "who" to blockchain analysis, fusing blockchain flows with off-chain context to understand scam behavior [13]
- Crystal's analytics aim to be human-oriented, helping victims and potential victims understand threats before it's too late [15]
- Pattern recognition and mileage are crucial in spotting attacks, similar to how compliance officers identify suspicious activity [9][10]
- SIM swaps are a long-standing threat that can compromise various accounts, often preceding crypto theft [20][21]